This week's giveaway is in the Spring forum.
We're giving away four copies of REST with Spring (video course) and have Eugen Paraschiv on-line!
See this thread for details.
The moose likes Tomcat and the fly likes SSL Cert Error - Mismatched Address Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "SSL Cert Error - Mismatched Address" Watch "SSL Cert Error - Mismatched Address" New topic

SSL Cert Error - Mismatched Address

Ed James

Joined: Feb 10, 2010
Posts: 7
Hi all,

I have just setup a new Tomcat installation and created a keystore, created a CSR, created the Cert (using our internal CA), imported the root cert into the keystore and then the site cert into the keystore (alias Looks like I've created everything correctly - no errors during any of these steps. However, when I load the site, I get "Certificate Error: Mismatched Address". I thought that I just needed to add a Host name entry into the server.xml conf file to include but I'm missing something. Can someone help me with this? What am I overlooking? As you can tell, I'm new to Tomcat :-)

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17257

If this is the message I think it is, the hostname on the SSL cert doesn't match the hostname that you're serving it from.

An IDE is no substitute for an Intelligent Developer.
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

When you generate your cert request with the Java keytool it asks you a series of questions.
One of them is your first and last name (which is misleading).
What it really wants there is the domain name. If that doesn't match the domain of your server you will get this message.

For instance, if you were generating a key for your keytool session would look like:

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
subject: SSL Cert Error - Mismatched Address
It's not a secret anymore!